Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/yODnLhtEhpSHZKcWtftsr2wrfHM.roa
File:                     yODnLhtEhpSHZKcWtftsr2wrfHM.roa (raw, json)
Hash identifier:          vGS7Y/f4ssyV0t0WiPGg8Dqt5gZnLrzS3R4VljxDfWM=
Subject key identifier:   C8:E0:E7:2E:1B:44:86:94:87:64:A7:16:B5:FB:6C:AF:6C:2B:7C:73
Certificate issuer:       /CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
Certificate serial:       0194244497DE445B1A1E859DD16365D1D217
Authority key identifier: 99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/yODnLhtEhpSHZKcWtftsr2wrfHM.roa
Signing time:             Wed 01 Jan 2025 23:47:42 +0000
ROA not before:           Wed 01 Jan 2025 23:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209638
IP address blocks:        185.178.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:97:de:44:5b:1a:1e:85:9d:d1:63:65:d1:d2:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9917f777e71ac34122edb35edd60cf14d75b9ef6
        Validity
            Not Before: Jan  1 23:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8e0e72e1b4486948764a716b5fb6caf6c2b7c73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:bb:2f:e0:c5:68:5e:d2:e7:5b:e0:01:7a:e8:
                    6f:5a:7d:67:61:5d:50:e4:dc:55:ee:e5:8c:f4:7a:
                    25:dd:65:e9:0a:ce:17:3c:30:09:89:c6:09:59:b6:
                    73:c0:4a:ad:d9:db:01:2b:b7:fd:94:ba:ae:7f:82:
                    44:20:6f:9e:84:63:2f:3e:10:3f:ae:97:8d:d4:41:
                    dc:03:25:c0:98:e2:a3:df:6a:19:ff:a6:7e:ff:25:
                    2c:c2:3b:8e:cf:93:98:c2:8e:2d:83:ce:cf:e8:04:
                    0e:02:8a:ed:2b:35:11:f4:df:d1:65:49:a1:95:ed:
                    63:0b:60:99:eb:89:fd:e7:c1:8d:ee:3a:df:4e:a1:
                    62:0e:cc:12:02:87:f9:6a:bb:b9:56:77:c2:ae:34:
                    6e:03:61:9c:fd:72:35:91:fb:46:1d:39:c3:e6:f1:
                    3a:34:4f:53:60:4e:e8:4b:54:62:55:ae:5f:31:7c:
                    4b:e2:66:81:71:e4:9a:df:61:81:7d:2b:af:8f:df:
                    5b:81:52:25:1b:a0:08:4b:4f:ae:93:95:80:4a:d7:
                    c5:03:8d:4f:58:c6:70:e8:9d:fe:ab:92:5f:2b:cc:
                    7e:ca:02:10:dd:ae:6a:3e:6f:92:db:c7:0d:00:72:
                    05:55:8b:9f:62:1a:eb:07:87:fb:a2:e5:ff:b1:e3:
                    9b:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:E0:E7:2E:1B:44:86:94:87:64:A7:16:B5:FB:6C:AF:6C:2B:7C:73
            X509v3 Authority Key Identifier:
                keyid:99:17:F7:77:E7:1A:C3:41:22:ED:B3:5E:DD:60:CF:14:D7:5B:9E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mRf3d-caw0Ei7bNe3WDPFNdbnvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/yODnLhtEhpSHZKcWtftsr2wrfHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/be8d59-7704-45f8-b399-a88f574152b6/1/mRf3d-caw0Ei7bNe3WDPFNdbnvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.178.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:db:f0:60:54:e0:23:75:1f:23:64:fb:30:2a:90:76:38:ce:
         28:9f:b2:fe:35:57:cc:01:13:51:c3:84:5c:be:e7:8b:7f:e4:
         67:8b:a2:bb:c6:79:23:9d:4d:90:9d:40:d1:03:ab:62:cd:b0:
         c3:ef:7f:0e:fc:a2:8d:6b:f3:77:40:d7:99:b9:cd:a3:4e:e3:
         d0:18:61:25:af:ab:2b:8e:1d:a2:55:b2:cc:4e:8d:09:49:93:
         a8:58:c8:63:c8:2f:c8:05:06:5d:c3:87:e0:a4:47:99:5f:e7:
         40:da:de:9b:8a:3b:80:b1:21:b5:09:9a:ff:9c:8b:55:37:82:
         01:ee:ba:e0:b0:5b:ff:cf:a2:39:54:a6:cf:9c:39:fa:10:b2:
         55:3f:c2:5b:70:30:49:b1:a3:57:82:dc:99:78:6c:70:ac:32:
         7b:dc:18:87:a8:2b:4d:e7:4c:3a:e5:6f:e0:30:7f:25:be:1e:
         dc:17:a7:1f:2c:63:39:6c:31:23:0e:02:b6:da:6e:7f:0f:5e:
         77:bd:9a:30:e2:83:80:6e:18:3b:46:3b:2c:55:f7:2f:e3:f9:
         45:4c:57:47:44:fe:24:88:50:e4:7f:7a:d0:e1:f6:ad:28:1d:
         64:ef:fb:65:4a:8a:8c:74:1d:d5:d7:5f:48:97:eb:4c:40:53:
         31:68:51:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRJfeRFsaHoWd0WNl0dIXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MTdmNzc3ZTcxYWMzNDEyMmVkYjM1ZWRkNjBjZjE0ZDc1
YjllZjYwHhcNMjUwMTAxMjM0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGUwZTcyZTFiNDQ4Njk0ODc2NGE3MTZiNWZiNmNhZjZjMmI3YzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbsv4MVoXtLnW+ABeuhvWn1nYV1Q
5NxV7uWM9Hol3WXpCs4XPDAJicYJWbZzwEqt2dsBK7f9lLquf4JEIG+ehGMvPhA/
rpeN1EHcAyXAmOKj32oZ/6Z+/yUswjuOz5OYwo4tg87P6AQOAortKzUR9N/RZUmh
le1jC2CZ64n958GN7jrfTqFiDswSAof5aru5VnfCrjRuA2Gc/XI1kftGHTnD5vE6
NE9TYE7oS1RiVa5fMXxL4maBceSa32GBfSuvj99bgVIlG6AIS0+uk5WAStfFA41P
WMZw6J3+q5JfK8x+ygIQ3a5qPm+S28cNAHIFVYufYhrrB4f7ouX/seObMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjg5y4bRIaUh2SnFrX7bK9sK3xzMB8GA1UdIwQY
MBaAFJkX93fnGsNBIu2zXt1gzxTXW572MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTkt
YTg4ZjU3NDE1MmI2LzEveU9EbkxodEVocFNIWktjV3RmdHNyMndyZkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC9iZThkNTktNzcwNC00NWY4LWIzOTktYTg4ZjU3NDE1MmI2
LzEvbVJmM2QtY2F3MEVpN2JOZTNXRFBGTmRibnZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubJrMA0G
CSqGSIb3DQEBCwUAA4IBAQCY2/BgVOAjdR8jZPswKpB2OM4on7L+NVfMARNRw4Rc
vueLf+Rni6K7xnkjnU2QnUDRA6tizbDD738O/KKNa/N3QNeZuc2jTuPQGGElr6sr
jh2iVbLMTo0JSZOoWMhjyC/IBQZdw4fgpEeZX+dA2t6bijuAsSG1CZr/nItVN4IB
7rrgsFv/z6I5VKbPnDn6ELJVP8JbcDBJsaNXgtyZeGxwrDJ73BiHqCtN50w65W/g
MH8lvh7cF6cfLGM5bDEjDgK22m5/D153vZow4oOAbhg7RjssVfcv4/lFTFdHRP4k
iFDkf3rQ4fatKB1k7/tlSoqMdB3V119Il+tMQFMxaFGQ
-----END CERTIFICATE-----